13 matches found
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...
CVE-2025-10461
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03...
CVE-2026-27466
CVE-2026-27466 affects BigBlueButton prior to 3.0.22. In 3.0.21 and earlier, the official Server Customization guidance for ClamAV as a presentation-file scanner exposes ports 3310 and 7357, allowing a remote attacker to send large/complex documents to clamd and exhaust resources or shut it down....
EUVD-2025-31624
Malicious code in bioql PyPI...
CVE-2025-34221
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no...
CVE-2025-34218
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...
CVE-2025-34221 Vasion Print (formerly PrinterLogic)
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no...
CVE-2025-34218
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...
CVE-2025-34218 Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...
Vasion Print Virtual Appliance Host Security Vulnerability
Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1049 that stems from a gw Docker instance exposing an internal Docker container, which could lead to information...
PT-2025-39884
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786 Description: The Vasion Print Virtual Appliance Host and Application expose interna...
CVE-2025-34202
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a...
PT-2024-20534 · Crafatar · Crafatar
Name of the Vulnerable Software and Affected Versions: Crafatar versions prior to 2.1.5 Description: Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind...